The demand for security services is growing. Worldwide spending on security products and services will reach $120 billion by 2021, according to IDC.1 The compounded annual growth rate (CAGR) is 9.6 percent between 2016 and 2021.
The growth is fueled by the frequency and intensity of cybercrime. Cybercriminals are becoming more aggressive, and breaches, ransomware, and phishing attacks (and the costs associated with them) have skyrocketed. Network breaches increased 27 percent between 2016 and 2017, says a joint study by the Ponemon Institute and Accenture.
Growth-oriented MSPs see this as an opportunity to allow firms to transfer the risk of a security incident to them by offering security operations center (SOC) services. Although it requires an investment in personnel, equipment, and certifications, it may make for a solid long-term investment in the growth and profitability of a managed services business.
Let’s take a look at the way managed service providers can fill the gap in security services for firms vulnerable to the escalating cyber threats.
As with most sales opportunities, managed services sales success begins with a simple conversation. Usually, these conversations highlight the gap between where a firm is and where they want to be. Conversation starters around Security-as-a-service (SECaaS) usually focus on what companies don’t want to be. High-profile breaches such as Equifax and Yahoo have put firms on notice that if it can happen to large enterprises, surely it can happen to them, too.
1. Become a news source for your existing and potential clients about the current landscape of threats to their network security. You can do this by including information about the latest breaches in your monthly or weekly newsletter. You can also include it in the slide decks of your sales presentations.
If you produce or you’re a guest on a webinar or podcast, those are great opportunities to mention the current threat landscape. Be sure not to paint a completely bleak picture. Instead, share resources, information, tools, and insights that can help firms harden networks against intrusions.
Use email to alert contacts to emerging threats. One of the best ways to position yourself as an expert is to put complex cybersecurity issues into context for the people you wish to do business with. One of the ways to do that is to “newsjack,” meaning, you take a major event in the news relating to cybersecurity and put a spin on it that’s relevant to the industry you serve. Here’s an example:
News Event: Equifax is ordered by nine states in the U.S. to implement aggressive patch management protocols to avoid the massive data breach it suffered in 2017, exposing sensitive records of 150 million U.S. citizens.
Your Email Alert to Customers (if you’re targeting healthcare CIOs):
[Subject Line] How You Benefit from Equifax’s Day of Reckoning
[Body of Email]
Hi {first name},
If you don’t want to be the next Equifax, check your patch management protocols. The key element to Equifax’s breach was a lack of proper patch management. Eight states have ordered the credit reporting agency to improve its cybersecurity, starting with patch management. You may be thinking, “Patch management for my network is solid. It’s a core tenet of HIPAA. I’m good.” Think again, the peripherals and devices that collect and sometimes hold private health records run on software, and that software must be patched as well.
Let’s discuss ways we can assist your firm in securing not only your network but all devices and peripherals that feed data into the network.
*end of email*
The good news is that there’s no limit to the amount of news you can report on for your audience. If you know how to see the benefit to your audience in the news you hear about cybersecurity, it warrants a message/email.
Note: You’ll want to strike the appropriate balance so that you don’t constantly scare your audience but you do keep them informed about important issues that affect the security of their data.
2. Capitalize on the opportunity in bundling security services. Gartner recently shared that 40 percent of SECaaS solutions will be bundled with other IT outsourcing projects by 2020, according to CRN. This speaks to the need to create products your target audience can easily understand and purchase on a recurring basis from your firm. Here’s more information on productizing your offers.
It helps to start a conversation about security services when you’re already having discussions about other aspects of managed services for your clients. Bundling in much-needed security solutions helps you justify the increased cost of your services to existing customers.
3. Brand your vulnerability testing offer. We know one of the best ways to start a conversation is to offer a vulnerability test. Since it’s such a common offer, consider standing out by branding your vulnerability testing with a unique name, and a little extra your existing and potential customers might not expect.
Keep in mind this isn’t an easy task and can take a deep understanding of your audience, the industry you serve, and the technology solutions you’re offering.
Bottom line: You’re going to need help with this, but once you have a solid brand in place and create excitement around vulnerability testing, you’ll have a steady stream of qualified leads your sales team can work to convert into sales.
No matter which conversation starter you use, keep in mind you’ll need a strong infrastructure for managing the new security services business you sign on. Here’s a look at a very important discussion going on right now about the talent shortage among cybersecurity pros that could affect your growth in this area:
One of the best and worst things about the growth in interest for SECaaS is the shortage in qualified security talent. It’s a pain point that brings clients to your firm for managed services. Yet you’ll need experts to manage the accounts you sign on.
ESG recently surveyed CISOs, and now more than half (51 percent) identify the talent shortage a major problem in cybersecurity for their firm. That’s up from 23 percent back in 2014. So while the field of opportunity is vast, one major roadblock remains: who will you get to handle new business once you bring it on. Here are a few options we’ve discovered:
Court non-traditional hires: A recent article from the Harvard Business Review suggests hiring people with non-traditional backgrounds (read: no Bachelor’s degree) who have capabilities in cybersecurity.
Increase internal training: This is the go-to solution, but it’s not always a feasible one. With such an intense shortage, you can train a cybersecurity professional, and that person could leave for another more lucrative position. With that in mind, work closely with your HR team to develop a talent retention strategy.
Reach and engage younger workers: STEM programs in high schools and colleges are great recruiting grounds for cybersecurity techs. Consider sponsoring and sending personnel to volunteer in these tech-centric programs, touting the existing and future opportunities available to cybersecurity pros.
Identify the most important certifications for the technology you’re using to serve your chosen verticals and require IT security pros to come with these certifications or to acquire them within a certain period of time.
Help is on the way: Google just announced a partnership with local community colleges to help companies fill IT support roles in their organizations. Although it’s not specific to IT security roles, this could be an opportunity to find and train solid IT talent. Find out more here.
The opportunity in SECaaS for MSPs benefits from a rapid growth rate. IDC shows that between 2016 and 2021 managed security services will be the fastest growing security category. More insights from IDC:
If you’re positioning your firm to make a significant play in the area of SECaaS, you may need help with packaging, branding, and communicating your messaging. Presh Marketing Solutions can help. Let’s start a conversation about your current needs and how we can help you achieve your goals in providing Security-as-a-Service to your chosen markets.
1 IDC, Worldwide Semiannual Security Spending Guide